/**
* Count and print `execve` calls per user
*/
package me.bechberger.ebpf.samples.chapter2;
import me.bechberger.ebpf.bcc.BPF;
import me.bechberger.ebpf.bcc.BPFTable;
import static me.bechberger.ebpf.bcc.BPFTable.HashTable.UINT64T_MAP_PROVIDER;
/**
 * {@snippet :
 * from bcc import BPF
 * from time import sleep
 *
 * program = r"""
 * BPF_HASH(counter_table);
 *
 * int hello(void *ctx) {
 *    u64 uid;
 *    u64 counter = 0;
 *    u64 *p;
 *
 *    uid = bpf_get_current_uid_gid() & 0xFFFFFFFF;
 *    p = counter_table.lookup(&uid);
 *    if (p != 0) {
 *       counter = *p;
 *    }
 *    counter++;
 *    counter_table.update(&uid, &counter);
 *    return 0;
 * }
 * """
 *
 * b = BPF(text=program)
 * syscall = b.get_syscall_fnname("execve")
 * b.attach_kprobe(event=syscall, fn_name="hello")
 *
 * # Attach to a tracepoint that gets hit for all syscalls
 * # b.attach_raw_tracepoint(tp="sys_enter", fn_name="hello")
 *
 * while True:
 *     sleep(2)
 *     s = ""
 *     for k,v in b["counter_table"].items():
 *         s += f"ID {k.value}: {v.value}\t"
 *     print(s)
 * }
 */
public class HelloMap {
    /**
     * Loads the embedded eBPF program, attaches its {@code hello} function as a kprobe on the
     * kernel function resolved for the {@code execve} syscall, and then prints the contents of
     * {@code counter_table} every two seconds as tab-separated {@code ID <key>: <value>} pairs
     * on a single line.
     *
     * <p>Notes for anyone reusing this as a process-launch monitor:
     * <ul>
     *   <li>The map key is {@code bpf_get_current_uid_gid() & 0xFFFFFFFF}, i.e. the lower 32 bits
     *       of the helper's result, which carry the uid of the calling task.</li>
     *   <li>Only {@code execve} is probed. Programs started through another exec-family syscall
     *       such as {@code execveat} are not counted, so the table is not a complete record of
     *       process launches.</li>
     *   <li>The counter is maintained with a separate {@code lookup} and {@code update}; nothing
     *       in the program makes that pair atomic, so increments can be lost when the same uid
     *       calls {@code execve} concurrently on several CPUs. Treat the values as
     *       approximate.</li>
     *   <li>Loading eBPF programs and attaching kprobes normally requires elevated privileges;
     *       confirm the minimum capability set for the target kernel instead of defaulting to a
     *       full root session.</li>
     *   <li>The polling loop has no exit condition; the try-with-resources block is left only
     *       when an exception propagates out of it.</li>
     * </ul>
     *
     * @param args command-line arguments (unused)
     * @throws InterruptedException if the thread is interrupted while sleeping between polls
     */
    public static void main(String[] args) throws InterruptedException {
        final String program = """
                BPF_HASH(counter_table);
                int hello(void *ctx) {
                u64 uid;
                u64 counter = 0;
                u64 *p;
                uid = bpf_get_current_uid_gid() & 0xFFFFFFFF;
                p = counter_table.lookup(&uid);
                if (p != 0) {
                counter = *p;
                }
                counter++;
                counter_table.update(&uid, &counter);
                return 0;
                }
                """;
        try (var bpf = BPF.builder(program).build()) {
            // Resolve the kernel symbol for execve and hook "hello" onto it.
            bpf.attach_kprobe(bpf.get_syscall_fnname("execve"), "hello");

            // User-space view of the map the eBPF program writes to (uid -> execve count).
            BPFTable.HashTable<Long, Long> execCounts =
                    bpf.get_table("counter_table", UINT64T_MAP_PROVIDER);

            for (;;) {
                Thread.sleep(2000);
                // One output line per poll: every (uid, count) pair, each followed by a tab.
                for (var uidAndCount : execCounts.entrySet()) {
                    System.out.printf("ID %d: %d\t", uidAndCount.getKey(), uidAndCount.getValue());
                }
                System.out.println();
            }
        }
    }
}